OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability Network Vulnerability

Summary

OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, OVS has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of- service condition. Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x.

Solution

Updates are available. Please see the references for more information.

References

http://www.openssl.org
http://www.openssl.org/news/secadv_20100601.txt
https://www.securityfocus.com/bid/40502

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0742
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Flash Player for Linux SWF Processing Vulnerability
Foxit Reader Multiple Denial of Service Vulnerabilities - Jun09
BlackIce DoS (ping flood)
Allegro Software RomPager 2.10 Denial of Service
AppSocket DoS

Take action and discover your vulnerabilities